IEEE 802.11 -- buffer overflow

Description:

An integer overflow in the handling of corrupt IEEE 802.11
beacon or probe response frames when scanning for existing
wireless networks can result in the frame overflowing a
buffer.

Impact:

An attacker able broadcast a carefully crafted beacon or
probe response frame may be able to execute arbitrary code
within the context of the FreeBSD kernel on any system
scanning for wireless networks.

Workaround:

No workaround is available, but systems without IEEE 802.11
hardware or drivers loaded are not vulnerable.

References:

Affects:

FreeBSD >6.0 <6.0_3

portaudit: IEEE 802.11 -- buffer overflow

Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.